CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Vmware Lab Manager Slaves >> 0.2.5 Security Vulnerabilities

CVE-2020-2319

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

CVSS Score

6.5

EPSS Score

0.0

Published

2020-11-04

CVE-2019-10382

Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

CVSS Score

6.5

EPSS Score

0.001

Published

2019-08-07

CVE-2019-1003078

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

CVSS Score

6.5

EPSS Score

0.001

Published

2019-04-04

CVE-2019-1003079

A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CVSS Score

6.5

EPSS Score

0.001

Published

2019-04-04

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Vmware Lab Manager Slaves >> 0.2.5 Security Vulnerabilities

Products

Pricing

Contact Us